Holistic compliance management system
We have clearly expressed our commitment to complying with ethical principles and both legal and statutory requirements. This commitment has been incorporated in our Guiding Principles and Code of Conduct. The Code of Conduct is valid throughout the Group and has been introduced in all of our national companies.
At Deutsche Telekom, compliance means following the rules and always doing the right thing. Integrity – which necessarily encompasses compliance – forms the basis of all our business decisions and activities. It defines the behavior of all our employees when dealing with customers, employees, investors, managers, and Deutsche Telekom’s general environment.
We have set up a holistic compliance management system to ensure lawful and ethical conduct in all areas of the Group and successfully tackle compliance risks. Responsibility for the compliance management system at Deutsche Telekom lies with top management, which underscores the great importance we attach to the topic. The Group-wide design, development, and implementation of the compliance management system falls under the remit of the CCO (Chief Compliance Officer) of Deutsche Telekom AG and the Group Compliance Management unit she runs. We also have COs (compliance officers) at each of our operating segments and national companies It is their job to ensure the compliance management system and our compliance goals are implemented on site.
We have derived the following objectives for our compliance work:
- Preventing compliance violations and unethical business decisions
- Integrating compliance into business processes at an early stage and on a lasting basis
- Minimizing liability risks for the company
- Being viewed as a dependable partner by customers and business partners
- Adopting a consistent approach to preventing, identifying, and responding to non-compliance
- Fostering a compliance culture and ethical conduct
Reporting against standards
- GRI 102-17 (General Disclosures)
Ongoing audit of compliance management continued
In 2020, we continued the regular audits of our compliance management system that began in 2010 in accordance with audit standard 980 of the Institute of Public Auditors in Germany, with “anti-corruption” as its main emphasis. This is how we aim to constantly ensure that we can confront risks of corruption consistently and have established effective processes in the company.
Between 2016 and 2018, we verified compliance management at a total of 25 German and international companies. A new audit cycle began in 2020: Nine audits were carried out at German companies in the reporting year. 14 international companies will follow in 2021. The audit focuses on processes that are exposed to an increased risk of corruption, for example, in procurement, sales, events, donations, sponsorships, and human resources.
For the companies audited in 2020, auditors again confirmed the appropriateness, functionality and effectiveness of the compliance management system. Please see the relevant audit reports for details.
Further development of the compliance management system through regular risk assessment
Our goal is to systematically identify, analyze and evaluate compliance risks for the company. Risk-oriented measures can then be derived to prevent legal and regulatory violations. For this reason, an overall compliance risk assessment (CRA) is carried out centrally by Group Compliance Management on an annual basis. It also includes Deutsche Telekom subsidiaries that are selected on a risk basis. For this we have established a Group-wide compliance management process, established responsibilities, and defined assessment criteria. The individual steps are documented transparently. In detail, the CRAs proceed as follows:
- The companies that will take part in the CRA are selected according to the level of maturity of their compliance management system (maturity-based model). In 2020, 69 companies participated. That equates to a coverage of 94.27 percent (based on the number of employees of the fully consolidated companies at the end of 2019). Responsibility for conducting the CRA lies with the respective national company. The central compliance organization also assists with its implementation and provides a standardized methodology. Group Compliance Management then uses the findings from the CRA to derive risk-oriented Group-wide measures. The Board of Management and Audit Committee of the Supervisory Board of Deutsche Telekom AG are regularly informed about the Group's compliance risk situation.
- The national companies’ managements are responsible for the results of the compliance risk assessment. Activities and responsibilities for the following year’s compliance program are developed on the basis of these results. The management then passes a formal resolution to approve the program. The measures from the compliance program are monitored closely. Any potential risks for our company are listed in a Group risk map. It enables the various Deutsche Telekom companies, with their different business models, to conduct systematic risk analyses. In 2020, the risk map covered 27 core risk categories, including, for example, corruption, anti-trust law violations, and violations of the Code of Human Rights & Social Principles. In view of the rapid pace of digitalization, we plan to add the topic of “digital ethics” to the risk map in 2021. Each national company can add more categories specific to their business needs and as warranted. This involves defining which specific threat each risk poses to the national company and stating which steps have already been implemented to rule out this risk as far as possible. If necessary, additional measures are developed to reduce the risks to a manageable level.
A clear reference framework: Our Code of Conduct and Guidelines for Artificial Intelligence
Integrity, respect, and compliance with the law – these are the principles on which Deutsche Telekom’s business activities are based. The Code of Conduct is valid throughout the Group and was revised in 2020. Our Code of Conduct is the central reference framework for lawful and ethical conduct. It makes a significant contribution to our business success by providing a solid, ethical foundation for our business activities.
Our Guidelines for Artificial Intelligence (AI) supplement our Code of Conduct at the strategic level. They set out clear requirements for how we want to deal with AI at Deutsche Telekom. In following the AI guidelines, we have made it our goal to use and refine our AI products and services in a responsible manner. We are also committed to complying with applicable laws and regulations at all times.
Raising awareness of compliance risks among staff
We aim to ensure the conduct of our employees in their day-to-day work is always ethical and lawful, which is why we implement the following measures across the entire Group:
- A Group-wide Code of Conduct that sets out clearly how our employees are expected to behave.
- Compliance-related Group policies on areas such as anti-corruption, gifts, invitations, and events, as well as on dealings with consultants and sales partners.
- A policies database that helps staff find and implement applicable regulations.
- Preventive measures that are combined in a compliance program.
- Regular compliance and anti-corruption training, which is also part of our onboarding process (see GRI 205-2), supplemented by a Group-wide e-learning campaign since 2020
- Since 2020, gradual rollout of a revised online training course for basic compliance issues (E-Learning Compliance Fundamentals 2.0 e-learning course)
- The “Ask me!” portal for questions relating to compliance. The portal contains FAQs with example cases, as well as information on laws, internal policies, and conduct rules. It also gives users the opportunity to contact the “Ask me!” advisory team, which will provide reliable answers if employees are unsure about what to do in a particular situation. The number of inquiries and the topics covered can be viewed here.
- Annual compliance risk assessment (CRA), which we use to identify and assess compliance risks in the national companies and specify key areas for suitable preventive measures.
- Since 2013, to mark the worldwide UN Anti-Corruption Day on December 9: Implementation of Group-wide communication campaigns and various topic-related activities at the companies
- Regular anti-corruption statements by Deutsche Telekom Board of Management members
Systematic handling of infractions
We follow up on all tip-offs related to a violation of legal or internal regulations, provided the description of the facts is adequate. One of the channels we use to receive tip-offs is the whistleblower portal "Tell me!”.
- All tip-offs are treated as confidential, checked for plausibility, and carefully investigated.
- Any violations we uncover will be rigorously sanctioned without exception according to legal provisions, regardless of the rank and position of the persons involved. This also includes possible termination of the employment relationship and an assertion of claims for damages. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
Deutsche Telekom is party to proceedings both in and out of court with government agencies, competitors, or other parties. We have reported on what Deutsche Telekom views as key processes in the 2020 annual report.Reporting against standards
- GRI 102-17 (General Disclosures)
- GRI 416-2 (Customer Health and Safety)
- GRI 418-1 (Customer Privacy)
- GRI 419-1 (Socioeconomic Compliance)
- TC-TL-220a.3 (Data Privacy)
- TC-TL-520a.1 (Competitive Behaviour & Open Internet)
“Tell me!” whistleblower portal
We have created the Tell me! whistleblower portal to uncover non-compliant conduct. Both our employees and external parties such as business partners and customers can use the portal to report misconduct – and can do so anonymously. We have introduced a Group-wide reporting process to control and monitor these activities.
In 2020, 113 compliance-related reports were made to Deutsche Telekom via the “Tell me!” portal (122 reports were made in the previous year). 12 of those are still being reviewed for plausibility (as of December 31, 2020). A total of 38 were confirmed as actual misconduct and were prosecuted accordingly. 63 plausible reports were investigated as compliance cases.
- Most of the tip-offs received in 2020 focused on “financial interests” (possible cases of fraud, breach of trust, manipulation of targets, and unfair sales methods).
- In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. A list of the actions taken is published on our website.
- Naturally, we always follow up on all compliance-related tip-offs, even those that reach us through other channels.
Receipt and handling of tip-offs on the “Tell me!” portal*
|1 060||1 058||953|
|Compliance-relevant tip-offs||113|| |
|Thereof anonymous tip-offs||57|| |
* Tip-offs received directly by the international companies are only included here if they are relevant to the Group.
Measures to strengthen our corporate culture
Since 2016, our “Compliance-based Corporate Culture” initiative has reinforced ethical and moral conduct and an active speak-up culture at the Group.
Various measures were derived from our 2018 and 2019 employee surveys; these were rolled out across the Group in 2020 based on the advice and support of independent external experts and institutes.
Further development of the Compliance organization
Deutsche Telekom’s market environment is constantly shifting – and the working world at Deutsche Telekom is also changing rapidly. This is coupled with the need to constantly adjust the range of duties covered by Compliance and keep the knowledge of Compliance employees up to date. To prepare our Compliance organization for the increasingly digital and agile developments in the working world, we launched the “Compliance Next Level” initiative in 2020. The vision of the initiative is closely linked to Deutsche Telekom’s strategic evolution into a purpose-driven company and the redesign of its Guiding Principles. The “Respect and Integrity” Guiding Principle plays a particularly important role in this. Every employee at Deutsche Telekom – from the Board of Management to staff member – is expected to implement these Guiding Principles in their daily work. The measures in the “Respect and Integrity” Guiding Principle are managed primarily by the Group Compliance Management unit.
The results of our employee study on the culture of compliance
In 2019, as part of the Compliance-based Company Culture initiative, we conducted our second ever international employee survey on compliance after 2017. This will be continued in 2021. The aim was to once again review how our compliance culture has developed. In the future, the survey will be repeated regularly every three years at the most. The European School of Management and Technology (ESMT Berlin) and Hertie School of Governance were our research partners in this initial study. 46,000 Deutsche Telekom employees took part in the last survey, once again more than in the first survey. The initiative is supported by an expert committee created specifically for this purpose.
Responses from our employees were more positive than in 2017:
- 98 percent of respondents affirmed their commitment to Deutsche Telekom’s rules and said they would not be willing to participate in unethical conduct (2017: 97 percent).
- 88 percent said that their manager set a good example of ethical conduct.
- Almost 90 percent said they had been well informed by the company about appropriate conduct at work and felt prepared to handle ethically questionable situations responsibly.
- The clear majority of respondents stated that management sets a good example in ethical conduct.
- They identified weaknesses in the area of feedback culture. Some employees said they did not feel confident in expressing their opinion openly.
The identified weaknesses were discussed in depth by the Board of Management and compiled into a set of measures. The aim of the measures: to reinforce the value-oriented compliance culture at the Group and to continue the mainly positive trend in the future. Among other things, the virtual reality program “Managing Dilemmas” was introduced. It aims to help our employees recognize critical situations and behave correctly in conflict situations. We also promoted our speak-up culture through a new e-learning program and other measures. This involved a focus on virtual learning experiences in 2020 due to the coronavirus pandemic: Among other things, we offered an e-learning course for managers on “Ethical Leadership” and the virtual reality training course “Managing Dilemmas” for all employees.
Crossing borders: Worldwide cooperation for compliance
Different legal practices and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge for us. The increasingly dynamic development of global markets, the emergence of new, digital business models, and intensified international competition also influence our compliance strategy.
In line with the Group’s international orientation, we discuss strategic compliance issues with an internal international compliance advisory team twice a year. In 2020, compliance officers from the largest and/or strategically most significant international units shared with Group Compliance Management in online conferences due to the coronavirus pandemic. The annual International Compliance Days were likewise not held in-person in 2020 due to the coronavirus pandemic. Monthly international Compliance WebEx video conferences were held in their place. Strategic projects were presented and experiences from compliance activities at our international units exchanged. Topics included “Being Agile and Compliant,” “Digital Ethics” and “Corporate Strategy”.
We also exchange ideas with national and international organizations and experts on compliance issues, among other things. In addition, we regularly promote the further development of compliance standards and management systems through specialist presentations, publications, and other contributions.
Commitment to anti-corruption initiatives
Deutsche Telekom regularly contributes to national and international organizations that focus primarily on compliance issues. As a member of associations and organizations such as the German Institute for Compliance (DICO e.V.), the Compliance & Integrity forum of ZfW (Center for Business Ethics ) and Bitkom, Germany’s digital association, we make use of opportunities to exchange ideas and experiences related to compliance.
For years now we have been using the United Nations International Anti-Corruption Day on December 9 as an opportunity to raise awareness in the Group about the issue of bribery and corruption. The communication measures were deliberately launched during the pre-Christmas period, when many questions arise about the ethical handling of gifts.
Responsible use of artificial intelligence (AI)
Digital responsibility100 ongoing AI-supported projects at the end of 2020. Deutsche Telekom stands for an ethical approach to AI in which the focus is always on people and their needs. Last but not least, we have a great interest in ensuring that our customers can trust our products.is a task for society as a whole. Deutsche Telekom develops artificial intelligence (AI) and uses it in a variety of products. The Group had more than
Against this backdrop, in 2018 we were one of the first companies in the world to develop management guidelines for the ethical handling of our AI. They clarify how we at Deutsche Telekom intend to use AI responsibly and develop our AI-based products and services. As with our Code of Conduct, additional steps, regulations, and processes were required to elaborate and implement our AI guidelines. To that end, we initiated the following measures in the reporting year:
- True to the motto “share and enlighten”, we created an online training course on “Digital Ethics” for our employees and held "Artificial Intelligence Roadshows” with presentations on AI topics at the German and international levels.
- Owners of AI projects are advised directly by our Digital Ethics Team and can acquire an internal quality seal.
- Since AI does not stop at company boundaries, the existing Supplier Code of Conduct has been supplemented with corresponding requirements for handling AI.
- Within our committee work, we share our experiences and insights with other companies – including as part of our work in the Federation of German Industries (BDI), Germany’s digital association, Bitkom, the German Association for Digital Economy (BVDW), the Center for Business Ethics (ZfW) and in the Ethisphere Institute.
In 2020, we integrated the AI guidelines into our operational processes. They were included as an additional test in our Privacy and Security Assessment. We also developed internal testing procedures and test seals for Deutsche Telekom’s AI projects. In addition, we integrated the guidelines into various training courses for our employees. For example, we developed data scientist courses and our “Re-Skilling Academy”, and offer these in various attractive formats, including virtual tours, online training courses and “Digital Learning Journeys”.
Further development of the Compliance organization
Due to the increasing challenges in our market environment and changes in the working world, we are constantly adjusting the range of duties covered by Compliance. We also keep Compliance employees up to date in terms of knowledge and skills. For example, 20 employees from Deutsche Telekom’s German and international Compliance departments had the opportunity to take part in a wide-ranging compliance training course (“Certified Compliance Manager”). Due to the coronavirus pandemic, it was held exclusively online for the first time this year.
To prepare our Compliance organization for increasingly digital and agile ways of working, we launched the “Compliance Next Level” transformation initiative in 2020. The initiative included a virtual workshop to identify future requirements, tools and skills for the Compliance organization, and the compilation of compliance requirements from employees already working in agile structures.
- In view of the new requirements of a dynamic, agile and digital working world, we revised and supplemented our Guiding Principles in 2020. Numerous Group-wide measures enabled our employees to get a better understanding of the Guiding Principle “Respect and Integrity”, for which Group Compliance is responsible. To this aim, we developed various training and communication measures – such as our Living Culture Day – which serve to describe risks, conflicts and compliance-related dilemma sand deal with them.
- We designed the Future of Leadership program with the goal of helping managers maintain integrity and efficiency while coping with digitalization and an increasingly agile working world.
The measures are designed and supervised by Group Compliance Management.